mr.automation

awesome. thanks. I also found a tool online that's free that does the bulk of this as well. Just in case people want to use this: https://www.digicert.com/cert-inspector.htm Just requires a free account but it will give you the cert, what hosts are using, it's weaknesses, expiry dates, etc. Still, nice to have both options. Thanks for the help.

I'm trying to think of a way to use nmap to scan a range of IP's only on 443 to discover certs and then put this information into a file so that I can alerts on ones that are expiring. using something like "nmap -sV -p 443 <ip_range> will give you very simple results about the port being open and I think there is an NSE script for ssl-cert, but has anyone done something like this where you could get the cert name, expiry date, key and the output that to a file so you could run another on it to send out an e-mail alert if the cert is less than 30 days from expiring or expired?